﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

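/// <summary>
/// Code-behind for the manager login page: checks the submitted credentials
/// against the INFO_ENTER table, marks the account as online (STATUS=1) and
/// populates the login-related session keys before redirecting to main.aspx.
/// </summary>
/// <remarks>
/// NOTE(security): ENTER_PASSWORD is compared directly with the submitted text,
/// so the column evidently holds plaintext passwords. Migrating it to a salted,
/// iterated hash (for example PBKDF2) and no longer copying the password into
/// Session["PASSWORD"] would limit the impact of a database or session-store leak.
/// NOTE(security): the session identifier is not renewed after a successful
/// login; issuing a fresh session id at that point is the usual defence against
/// session fixation.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    // Key and values of the application-wide advisory lock this page takes
    // around its INFO_ENTER updates.
    private const string SqlLockKey = "sqllock";
    private const string SqlLockHeld = "lock";
    private const string SqlLockFree = "unlock";

    /// <summary>
    /// Sends an already logged-in session to main.aspx and, on the first
    /// (non-postback) request, clears every login-related session key.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // A session that already carries a user name is treated as logged in.
        if (Session["USERNAME"] != null)
        {
            Response.Redirect("main.aspx");
        }

        if (!IsPostBack)
        {
            ClearLoginSession();
        }
    }

    /// <summary>
    /// Handles the manager login button: verifies the credentials, refuses a
    /// second concurrent login for the same account, then marks the account
    /// online and fills the session.
    /// </summary>
    protected void Button_log_Click(object sender, EventArgs e)
    {
        string name = TextBox1.Text;
        string password = TextBox2.Text;

        // The connection is disposed on every exit path, including the
        // redirects and early return below (the original never closed it).
        using (SqlConnection sc = new SqlConnection(ConfigurationManager.ConnectionStrings["wbkpt"].ConnectionString))
        {
            sc.Open();

            if (!PasswordMatches(sc, name, password))
            {
                Response.Redirect("error_log.aspx", true);
                return;
            }

            int stat;
            using (SqlCommand com_getstatus = new SqlCommand("select STATUS from INFO_ENTER where ENTER_NAME=@nameee", sc))
            {
                com_getstatus.Parameters.AddWithValue("@nameee", name);
                stat = Convert.ToInt32(com_getstatus.ExecuteScalar().ToString());
            }

            // STATUS=1 means the account is already flagged as online.
            // NOTE(review): this read and the update below are separate
            // statements, so two concurrent logins can both pass the check;
            // a single "update ... where STATUS=0" with a rows-affected test
            // would make it atomic.
            if (stat == 1)
            {
                Page.RegisterStartupScript("ss", "<script>alert('管理员用户已在线！')</script>");
                return;
            }

            try
            {
                string tmpid;
                using (SqlCommand get_id = new SqlCommand("select ENTER_ID from INFO_ENTER where ENTER_NAME=@name2", sc))
                {
                    get_id.Parameters.AddWithValue("@name2", name);
                    tmpid = get_id.ExecuteScalar().ToString();
                }

                using (SqlCommand com_upline = new SqlCommand("update INFO_ENTER set STATUS=1 where ENTER_NAME=@namee", sc))
                {
                    com_upline.Parameters.AddWithValue("@namee", name);

                    AcquireSqlLock();
                    try
                    {
                        com_upline.ExecuteNonQuery();

                        Session["IDENTITY"] = "manager";
                        Session["ENTERID"] = tmpid;
                        Session["USERNAME"] = name;
                        // NOTE(security): plaintext password kept in session
                        // state; retained only because other pages may read it.
                        Session["PASSWORD"] = password;
                        Session["EMPLOYEENAME"] = null;
                    }
                    finally
                    {
                        ReleaseSqlLock();
                    }
                }

                Response.Redirect("main.aspx", false);
            }
            catch
            {
                // Best-effort rollback: flag the account offline again and wipe
                // the session. The account is identified by the submitted name;
                // Session["USERNAME"] is still null when the failure happened
                // before the session was filled, and a null parameter value
                // would make this rollback statement itself fail.
                using (SqlCommand down = new SqlCommand("update INFO_ENTER set STATUS=0 where ENTER_NAME=@name", sc))
                {
                    down.Parameters.AddWithValue("@name", name);

                    AcquireSqlLock();
                    try
                    {
                        down.ExecuteNonQuery();
                    }
                    finally
                    {
                        ReleaseSqlLock();
                        ClearLoginSession();
                        Page.RegisterStartupScript("ss", "<script>alert('记录已清空！')</script>");
                    }
                }
            }
        }
    }

    /// <summary>Redirects to the registration page.</summary>
    protected void Button_reg_Click(object sender, EventArgs e)
    {
        Response.Redirect("register_1.aspx", true);
    }

    /// <summary>Redirects to the employee login page.</summary>
    protected void Button_emp_Click(object sender, EventArgs e)
    {
        Response.Redirect("login_employee.aspx", true);
    }

    /// <summary>
    /// Returns true only when a row exists for <paramref name="name"/> and its
    /// ENTER_PASSWORD value equals <paramref name="password"/>.
    /// </summary>
    /// <remarks>
    /// A missing row or a NULL password column is rejected outright. The
    /// original code fell back to an empty string in those cases, which then
    /// compared equal to an empty submitted password.
    /// </remarks>
    private static bool PasswordMatches(SqlConnection sc, string name, string password)
    {
        using (SqlCommand com_check = new SqlCommand("select ENTER_PASSWORD from INFO_ENTER where ENTER_NAME=@name", sc))
        {
            com_check.Parameters.AddWithValue("@name", name);
            object stored = com_check.ExecuteScalar();

            if (stored == null || stored is DBNull)
            {
                return false;
            }

            return string.Equals(stored.ToString(), password, StringComparison.Ordinal);
        }
    }

    /// <summary>
    /// Waits until the application-wide "sqllock" flag is free and then takes it.
    /// </summary>
    /// <remarks>
    /// The test and the set happen under Application.Lock() so two requests
    /// cannot both see the flag as free. The flag is compared by string value;
    /// the original compared an object reference with a string literal.
    /// NOTE(review): other pages presumably use the same key with a plain
    /// check-then-set and can still race against each other - confirm.
    /// </remarks>
    private void AcquireSqlLock()
    {
        while (true)
        {
            Application.Lock();
            try
            {
                string state = Application[SqlLockKey] as string;
                if (!string.Equals(state, SqlLockHeld, StringComparison.Ordinal))
                {
                    Application[SqlLockKey] = SqlLockHeld;
                    return;
                }
            }
            finally
            {
                Application.UnLock();
            }

            // Same polling interval as the original busy-wait.
            System.Threading.Thread.Sleep(2000);
        }
    }

    /// <summary>Marks the application-wide "sqllock" flag as free.</summary>
    private void ReleaseSqlLock()
    {
        Application[SqlLockKey] = SqlLockFree;
    }

    /// <summary>Resets every login-related session key to null.</summary>
    private void ClearLoginSession()
    {
        Session["USERNAME"] = null;
        Session["PASSWORD"] = null;
        Session["IDENTITY"] = null;
        Session["ENTERID"] = null;
        Session["EMPLOYEENAME"] = null;
    }
}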